About 30 years ago, many considered banking a mature industry. Revenue growth was sputtering, as the existing pie was being shared with new players such as GE Capital and Fidelity, and higher-credit-quality companies were turning to commercial paper. The era of bank “disintermediation” was moving into high gear.

Then came an unparalleled and fairly sudden combination of 4 dynamics: (i) quants introduced the ability to model almost every element of financial risk, (ii) an unprecedented leap in the ability to manipulate huge amounts of data allowed quant models to create financial products manageable from desktops, (iii) securitization transformed almost any financial product into a tradable security, and (iv) the transformation wrought by the preceding 3 dynamics opened the way for a vast new world of “innovation,” in which the components of financial products could be stripped and recombined into a highly leveraged, ever more abstract world of structured securities and derivatives. Take away any one of these and the last 25 years would be very different.

This combination, akin to firing solid-rocket boosters from a craft losing altitude, enabled the industry to soar into unimagined new orbits. Capital markets, once competitors, became sources of new revenues. Instead of intermediating liquidity, financial institutions began intermediating risk between sources and users of liquidity, amassing on their books huge amounts of risk that would drive their revenue models.

With so much riding on risk, institutions invested gazillions into risk management. By 2008, risk management was the most sophisticated discipline the industry had ever had. So, why were banks so badly blind-sided?

Many books have been written about this. In a new book, Managing Extreme Financial Risk, Karamjeet Paul, managing principal of Strategic Exposure Group, argues that the sophistication of risk management, combined with the complexities of their revenue models, deluded even the most experienced managers into ignoring the lethal Achilles heel of a financial institution’s model: extreme-tail risk. The key to surviving financial crises lies in its effective management.

My first impression when I came across Mr. Paul’s book was that it was probably yet one more book by a consultant providing simplistic and not very insightful advice. I was wrong. Mr. Paul is clearly someone who totally understands the dimensions of risk confronting financial institutions, and has thought deeply about it. His message: the only way to survive the next crisis, which can’t be predicted, is to know your extreme-tail risk now and manage it proactively.

Drawing on extensive experience (including 14 years at Citicorp where he was once CFO of its global investment bank and where he developed the interest-rate-gap management approach), Mr. Paul eloquently lays out in plain English, free of technical jargon, a new approach to managing extreme-tail risk. Supplemented by real-life stories and analogies, it’s an original and easy read for directors, senior managers and regulators.

Turning to the basics, Mr. Paul reminds readers that uncertainty creates risk with two dimensions, a distinction that I found very valuable. The first can be quantified, priced and mitigated in the normal course of business. Proper pricing can cover expected losses, and drives revenue models. Therefore, the objective in managing this dimension is to structure, preserve and protect revenues from risk. This is traditional risk management. Refining it has been the historical focus.

The second dimension, extreme-tail risk with infinitesimal but real probabilities, can be neither quantified nor mitigated in the normal course of business. Its potentially overwhelming devastation in crises can only be cushioned by capital. Therefore, capital being critical to sustaining a going concern, the objective in managing this dimension is to protect capital from risk.

He draws a distinction between probability-based traditional risk management, where the cost of being wrong is the loss of profits, and extreme-tail-risk management, where the cost of being wrong can be fatal to institutions. This is a critical distinction, yet it has been largely ignored in the debate over appropriate capital levels for financial institutions. And, with starkly different objectives, managing both as if they were merely an extension of traditional risk management is a recipe for disaster. Lehman and Bear Stearns are poster children of extreme-tail risk. Thus a different approach, which he calls sustainability management, focused on protecting capital, is needed.

Mr. Paul reasons that, given increased complexity and the fast-paced environment, where a company can be the market leader one day and gone the next, a simple and continuously available measure of extreme-tail risk is mandatory, but is currently missing. Adopting the “Probable Maximum Loss” measure from the insurance industry, he demonstrates how strategies can be developed “to protect capital” to enhance sustainability in crises, with far-reaching implications.

He finds the current approach to capital paradoxically unsustainable. Additional capital’s cost must be covered by higher earnings, which the current risk-based revenue model can generate only via increased risk, which in turn escalates the need for capital. Questioning whether raising huge amounts of capital is realistic, Mr. Paul advocates a different form of thinking: not lower capital, but rather a way “to protect capital.” He suggests turning capital from the only protection against extreme-tail risk into the last protection from sudden death. Similar to what non-financial companies do, layers of protection for capital can enhance sustainability. This can make financial institutions stronger for investors and strengthen the financial system.

Mr. Paul’s book leaves the reader wishing for sustainability-management case studies. Their absence is understandable, as the required data is not in the public domain, but a greater focus on identifying such cases and developing the lessons that might be learned from them is something to which business schools, in particular, might make a valuable contribution.

Although not the focus of the book, regulatory reforms could also benefit. To deal with the industry’s increasingly complex models, well-meaning regulations and less-than-transparent criteria end up increasing complexity without ensuring that fundamental problems have been fixed. Industry leaders are not merely whining when they complain about the Byzantine imbroglio created by post-Dodd-Frank regulations. To the extent that simpler measures might draw attention to the root of the problem transparently, the proposed approach is worth considering.

For example, can quantifying extreme-tail risk bring some objectivity and transparency to the debate about what types of assets and exposures do not belong at highly leveraged institutions? This is the regulatory concern behind the Volcker Rule in the US, the Vickers Commission Recommendations in the UK and the Liikanen Report of the European Commission.

The book concludes where its preface begins: boards must take a fresh look at their role in relation to extreme-tail risk. They would be wise to do so. Here’s a voice they can learn from.